summaryrefslogtreecommitdiffstats
path: root/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-master.conf
diff options
context:
space:
mode:
Diffstat (limited to 'roles/IMAP-proxy/files/etc/dovecot/conf.d/10-master.conf')
-rw-r--r--roles/IMAP-proxy/files/etc/dovecot/conf.d/10-master.conf77
1 files changed, 77 insertions, 0 deletions
diff --git a/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-master.conf b/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-master.conf
new file mode 100644
index 0000000..ad9b08f
--- /dev/null
+++ b/roles/IMAP-proxy/files/etc/dovecot/conf.d/10-master.conf
@@ -0,0 +1,77 @@
+#default_process_limit = 100
+#default_client_limit = 1000
+
+# Default VSZ (virtual memory size) limit for service processes. This is mainly
+# intended to catch and kill processes that leak memory before they eat up
+# everything.
+#default_vsz_limit = 256M
+
+# Login user is internally used by login processes. This is the most untrusted
+# user in Dovecot system. It shouldn't have access to anything at all.
+default_login_user = dovenull
+
+# Internal user is used by unprivileged processes. It should be separate from
+# login user, so that login processes can't disturb other processes.
+default_internal_user = dovecot
+
+service imap-login {
+ inet_listener imap {
+ address = 127.0.0.1
+ port = 143
+ ssl = no
+ }
+ inet_listener imaps {
+ port = 0
+ }
+
+ # Number of connections to handle before starting a new process. Typically
+ # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
+ # is faster. <doc/wiki/LoginProcess.txt>
+ service_count = 1
+
+ # Number of processes to always keep waiting for more connections.
+ #process_min_avail = 0
+
+ # If you set service_count=0, you probably need to grow this.
+ #vsz_limit = $default_vsz_limit
+}
+
+service imap {
+ # Most of the memory goes to mmap()ing files. You may need to increase this
+ # limit if you have huge mailboxes.
+ #vsz_limit = $default_vsz_limit
+
+ # Max. number of IMAP processes (connections)
+ #process_limit = 1024
+}
+
+service auth {
+ # auth_socket_path points to this userdb socket by default. It's typically
+ # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
+ # full permissions to this socket are able to get a list of all usernames and
+ # get the results of everyone's userdb lookups.
+ #
+ # The default 0666 mode allows anyone to connect to the socket, but the
+ # userdb lookups will succeed only if the userdb returns an "uid" field that
+ # matches the caller process's UID. Also if caller's uid or gid matches the
+ # socket's uid or gid the lookup succeeds. Anything else causes a failure.
+ #
+ # To give the caller full permissions to lookup all users, set the mode to
+ # something else than 0666 and Dovecot lets the kernel enforce the
+ # permissions (e.g. 0777 allows everyone full permissions).
+ unix_listener auth-userdb {
+ #mode = 0666
+ #user = $default_internal_user
+ #group =
+ }
+
+ # Auth process is run as this user.
+ user = $default_internal_user
+}
+
+service auth-worker {
+ # Auth worker process is run as root by default, so that it can access
+ # /etc/shadow. If this isn't necessary, the user should be changed to
+ # $default_internal_user.
+ user = $default_internal_user
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-28 23:16:45 +0000